
clnt_broadcast(3): don't free function pointers
Closed, Public

Authored by brooks on Thu, Jan 29, 12:15 PM.

Details

Summary

Replace use of thr_getspecific/thr_setspecific to stash the function
pointer we're smuggling between clnt_broadcast and rpc_wrap_bcast with a
simple thread local variable. Clear it after use so the reference
doesn't linger.

In the relatively unlikely event clnt_broadcast was called from threads
that exited prior to program termination, the previous code called free
on a function pointer, which is undefined and might corrupt allocator
state.

Effort: CHERI upstreaming
Sponsored by: DARPA, AFRL
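
The failure mode described in the summary, as an added example that is not part of this revision or of the FreeBSD source. It assumes POSIX `pthread_key_create` as a stand-in for libc's internal `thr_keycreate`, uses a recording destructor in place of `free` so the pointer handed over at thread exit can be inspected safely, and the names `bcast_cb` and `sample_cb` are hypothetical.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*bcast_cb)(void *, void *);      /* hypothetical callback type */
static int sample_cb(void *a, void *b) { (void)a; (void)b; return 1; }

static void *handed_to_destructor;            /* what the key destructor received */
static pthread_key_t key;
static _Thread_local bcast_cb tls_cb;         /* replacement: plain TLS slot */

/* Stand-in for free(): record the argument instead of releasing it. */
static void record_destructor(void *p) { handed_to_destructor = p; }

/* Old pattern: stash the function pointer in a key and never clear it. */
static void *old_worker(void *arg) {
    (void)arg;
    pthread_setspecific(key, (void *)(uintptr_t)sample_cb);
    return NULL;                  /* thread exit runs the destructor on the value */
}

/* New pattern: thread-local variable, cleared after use. */
static void *new_worker(void *arg) {
    (void)arg;
    tls_cb = sample_cb;
    int r = tls_cb(NULL, NULL);
    tls_cb = NULL;                /* do not let the reference linger */
    return (void *)(intptr_t)r;
}

/* Returns 1 if the destructor was handed the function's address at thread exit. */
int old_pattern_passes_code_pointer(void) {
    pthread_t t;
    handed_to_destructor = NULL;
    if (pthread_key_create(&key, record_destructor) != 0) return -1;
    if (pthread_create(&t, NULL, old_worker, NULL) != 0) return -1;
    pthread_join(t, NULL);
    pthread_key_delete(key);
    return handed_to_destructor == (void *)(uintptr_t)sample_cb;
}

/* Returns 1 if the callback ran and no destructor was involved. */
int new_pattern_runs_no_destructor(void) {
    pthread_t t; void *ret = NULL;
    handed_to_destructor = NULL;
    if (pthread_create(&t, NULL, new_worker, NULL) != 0) return -1;
    pthread_join(t, &ret);
    return (intptr_t)ret == 1 && handed_to_destructor == NULL;
}
```

With `free` registered as the destructor, the address recorded by the first function is what the allocator would have been asked to release.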

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

Alternatively one could avoid passing free to thr_keycreate, but the complexity of the thr_keycreate approach doesn't seem worth it to save sizeof(void *) of TLS storage.

This revision is now accepted and ready to land. Thu, Jan 29, 5:04 PM

I suspect the old code just predates reliable TLS support in the toolchain so was using the guts of the implementation for pthread_key.

In D54939#1258282, @jhb wrote:

I suspect the old code just predates reliable TLS support in the toolchain so was using the guts of the implementation for pthread_key.

The old model does have the advantage of not increasing TLS size for code that isn't commonly used. I decided to leave another half dozen or so alone for now as they involved larger structures. There is an argument that we should just convert them since I doubt it will change how many pages we need for TLS.